This has not been a good year for security and privacy on the internet. Last week eBay was the latest company to be compromised in a cyber attack. The eBay databases were accessed, giving hackers access to usernames, encrypted passwords, email addresses, physical addresses and phone numbers. eBay claim that the encrypted nature of the passwords has prevented serious damage, and report no out-of-the-ordinary activity across the site. Thankfully for users as well, eBay claim that the databases with sensitive financial information have remained untouched throughout the attack. Nevertheless, eBay are forcing their 128 million active users to reset their passwords as best practice. The message out of eBay is quite mixed at the moment. While they feel this breach has not resulted in any 'unauthorized activity' and members' accounts are 'secure', they 'are looking at other ways to strengthen security on eBay'.
eBay will be extremely disappointed to be caught up in the cyber attack scandal, especially when they had managed to avoid falling victim to last month's Heartbleed epidemic. In case you missed it (unlikely): the Heartbleed bug was a widespread vulnerability in OpenSSL, popular software widely employed across the web. Essentially, anyone could exploit it to read the memory of affected systems and gain access to sensitive information like usernames and passwords. Affected sites included Facebook, Google, Instagram and Dropbox - so this was no small beer. (If you want to know more about the Heartbleed bug follow this link or check out this excellent article on Mashable for a breakdown of affected sites).
However, eBay managed to avoid being dragged into the Heartbleed problem and said 'eBay.com was never vulnerable to this bug because we were never running a vulnerable version of OPENSSL'.
They will therefore have been extremely disappointed when they discovered that their own breach happened after the usernames and passwords of a few employees had become compromised; though of course not as disappointed as users of the site must be by the delay in public acknowledgement of the breach - the database became compromised between February and March.
This all confirms that usernames and passwords are an increasingly outdated and vulnerable system - not to mention a nightmare to deal with from a user experience standpoint. Having to remember different usernames and passwords for all the different sites and log-ins around the web is a nigh-on impossible task. And additional security layers, such as captchas, tend to just add to user frustration.
That's why we are such believers in our Onescan app and platform. We provide a simple, secure and fast alternative method to replace usernames and passwords. It is built around identity and
What's more, this means we don't have a central database of passwords that can be hacked. Onescan's authentication process is unique and encrypted every time. The authentication process is based on the interaction between your device and our servers. There's nothing on our servers that can work without the individual user's unique phone. Nothing to steal, nothing to hack. We sit in the middle, enabling you to tell a third party what they need to know. With Onescan, you can register with a site for the first time, log in to an account, or even make purchases, sharing the minimum amount of information required. Of course, if you want an item delivered to your address, you have to share that - but you don't have to share financial information - Onescan can just share with the retailer the verification that you have paid. People say if it ain't broke, don't fix it. Or whatever doesn't kill you makes you stronger. We say - if it doesn't exist, no-one can steal it.
By Matthew Taylor
29th May 2014
This story around the Web:
"eBay makes users change their passwords after hack" - BBC News
"eBay hacking: online gangs are after you" - The Telegraph
"Three states investigate eBay response to massive cyber attack" - The Guardian